Preview deletes the .aspxauth cookie

I’ve been working a bit on an extremely weird support case the last couple of days.

When the editors on a site clicked on preview from either the content editor or the page editor then the page ended up in a redirect loop.

redirectloop

Who stole my cookie?

Using Fiddler I quickly noticed that the .ASPXAUTH cookie was removed from the session as soon as preview was clicked and what actually happened was the user being redirected infinitely to the login page until the browser crashed (chrome crashes nice, IE just fails miserably).

missingcookie_1

Then I tried to reproduce the issue in our local dev environment and everything worked fine. I then tried to attach to the production databases from my own environment and then the error occurred.

I debugged all our code which played around with cookies, set a breakpoint everywhere we called logout etc. etc. no results at all.

I started suspecting some editor of having played around with some security setting which caused the issue and went through each and every possible security setting I could think of. Still no result.

As a last resort I tried creating a support case at Sitecore support explaining the issue.

Before I got a response back from support I thought what about locked items or something weird like that?

In the content editor I right-clicked in the gutter and selected to show locked items, publishing warnings and so on.

publishingwarnings

Then I noticed a publishing warning on the Sitecore root item.

I clicked on publishing restrictions and here goes. Some one had made the Sitecore root item un-publishable.

Checking the checkbox back on again and resetting the app pool made everything back to normal again.

publishableunticked

I am not sure why someone would steal my cookie just because the root item is unpublishable, that is really an unexpected symptom.

Try it yourself on a random Sitecore solution, simply uncheck the Publishable checkbox on the Sitecore root and try to preview a page. Look in Fiddler or just the Resource pane in dev tools and see how the cookie just magically disappears.

Anders Laub

Anders Laub Christoffersen

Anders has been working with Sitecore for over a decade and has in this time been the lead developer and architect on several large scale enterprise solutions all around the world. Anders has been nominated a Sitecore Technical MVP three years in a row for 2014, 2015 and 2016. Anders is now working as a Sr. Solutions Architect at Sitecore in Copenhagen.

One thought on “Preview deletes the .aspxauth cookie

  1. Good catch!

    It’s one of those that can be really hard to find, and when found, it seems so obvious. But, – there are hundreds of more obvious causes than this one.

    :)

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*
Website